Mount /dev in tmpfs for privileged containers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
0f44c2849c
commit
d48b2cf390
6 changed files with 71 additions and 31 deletions
|
|
@ -4,6 +4,7 @@ package nodes
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
|
|
@ -21,11 +22,6 @@ var DefaultNodes = []string{
|
|||
"tty",
|
||||
}
|
||||
|
||||
// AdditionalNodes includes nodes that are not required
|
||||
var AdditionalNodes = []string{
|
||||
"fuse",
|
||||
}
|
||||
|
||||
// CopyN copies the device node from the host into the rootfs
|
||||
func CopyN(rootfs string, nodesToCopy []string, shouldExist bool) error {
|
||||
oldMask := system.Umask(0000)
|
||||
|
|
@ -61,3 +57,18 @@ func Copy(rootfs, node string, shouldExist bool) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func GetHostDeviceNodes() ([]string, error) {
|
||||
files, err := ioutil.ReadDir("/dev")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
out := []string{}
|
||||
for _, f := range files {
|
||||
if f.Mode()&os.ModeDevice == os.ModeDevice {
|
||||
out = append(out, f.Name())
|
||||
}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue